Security Alerts and Updates

June, 2018  (Click listings for more information).
21   Microsoft releases Windows 10 builds 16299.522, 15063.1182.
20  Google Updates File Signature Checks for Android Apps.
20  Google, Roku, Sonos to fix DNS Rebinding Attack Vector.
19  ZeroFont Technique Bypasses Office 365 Security Filters.
19   AT&T, Sprint, Verizon to stop sharing customer location data.
18   MacOS still leaks secrets stored on encrypted drives.
18   Google to fix location data leak in Google Home, Chromecast.
18   Adware wreaks havoc among Windows 10 users in the US.
15   AV Real-World Protection Test May 2018 – Factsheet.
15   The Week in Ransomware – DBGer, Scarab, and More.
14    Windows 10 April 2018 Update is now fully available.
14   Android malware packs a banking trojan, keylogger & ransomware.
13   VPNFilter Malware Still Making Waves.
13   New Vulnerability Affects All Intel Core CPUs.
13   Cortana hack lets you change passwords on locked PCs.
13   Status of Meltdown and Spectre Mitigations in Windows.
12   ♦ Microsoft releases Windows 10 builds 17134.112, 16299.492.
12   Mac Security Tool bugs show Malware as Apple Software.
12   Trik Spam Botnet Leaks 43 Million Email Addresses.
12   Microsoft and Adobe Flash Player issue security patches.
11    Apple Bans Apps That Mine Cryptocurrencies.
11   Thousands of Android devices are exposing their debug port.
08  The Week in Ransomware – CryBrazil, CryptConsole, etc.
08  Malspam Campaigns Bypass AV Filters and Install RATs.
08  F-Secure fixes serious vulnerability in antivirus products.
07  Google Releases Security Update for Chrome.
07  Facebook Bug Caused New Posts to be Shared Publicly.
07  Security vulnerabilities fixed in Firefox 60.0.2.
07  Adobe Patches Zero-Day Flash Flaw.
07  Patches available for bugs in popular brand of IP cameras.
06  VPNFilter malware is much worse than previously thought.
05  Microsoft releases Windows 10 build 17134.83 – KB4338548.
05  Credentials for 92 million users of DNA testing firm exposed.
04  How to protect yourself from Ticketfly type megabreaches.
01   Firmware & driver updates for Microsoft Surface 3 tablet.
01   Apple Releases Security Updates for macOS.
01   The Week in Ransomware – from Russia with Love, etc.

May, 2018  (Click listings for more information).
30  Remote code vulnerability disclosed in Windows JScript.
30  Hackers targeting gas stations & credit cards at the pump.
29  Apple releases iOS 11.4 with Messages in iCloud & AirPlay 2.
29  Rebooting your router to remove VPNFilter is not enough.
29  Google Chrome 67 released for Windows, Mac, and Linux.
26  Why Is Your Location Data No Longer Private?
25  Facebook 2FA no longer needs a phone number.
25  Z-Shave Attack Could Impact Over 100 Million IoT Devices.
24  Amazon Alexa recorded a conversation and sent it to a contact.
24    Microsoft Update Fixes Windows 10 Intel & Toshiba SSD Issues.
24  FBI Takes Control of APT28’s VPNFilter Botnet.
23  Hackers infect 500,000 consumer routers all over the world.
22  Microsoft to Block Flash in Office 365.
22  Mobile Giants: Please Don’t Share the Where.
22  DrayTek router user? Patch now to keep the crooks out.
21     Microsoft releases a Windows 10 update for version 1709.
21   Google and Microsoft Reveal New Spectre Attack.  
21   GPON Routers Attacked With New Zero-Day.
20  Using Google Chrome Cleanup to scan for unwanted software.
20  Phishing Roundup, Some Current Phishing Threats.
19   Clicking on a PDF infects older versions of Windows.
18   How to delete the ‘mshelper’ malware from macOS.
18   Security vulnerabilities fixed in Thunderbird 52.8.
17   Coinminer Campaign Makes 500,000 Victims in Three Days.
17   Tracking firm leaked location data of all major U.S. mobile carriers.
16     Windows 10 April Update halted for devices with Intel & Toshiba SSDs.
16  Adware launches in-browser mining sites mimicking Cloudflare.
16  Chrome update fixes issue that broke many web-based games.
16   Microsoft Releases KB4100347, KB4134660, and KB4134661.
14   Adobe security updates for Acrobat, Reader, & Photoshop.
14   Facebook suspends apps that may have mishandled user data.
13   Card Breach Announced at Chili’s Restaurant Chain.
11    EternalBlue exploit is bigger than ever, 1 year after WannaCry.
11    Malicious apps get back on the Play Store with name change.
11    Surface Book 2 gets fixes for Windows 10 April 2018 Update.
11    Internet Explorer zero-day:  browser is under attack.
10   Wanted that Windows 10 update but have an Intel SSD?
10   Malicious Chrome extensions infect 100,000-plus users.
10   At least five IoT botnets are attacking Dasan GPON routers.
10   Google Releases Security Update for Chrome.
09  Security vulnerabilities fixed in Firefox 60.
09  Think you’ve got your credit freezes covered? Think again.
09  OS vendors release patches after misinterpreting Intel docs.
09    Some Windows 10 PCs can’t boot after installing updates.
09  Critical bug in 7-Zip – make sure you’re up to date!
08  Microsoft Patch Tuesday and Adobe Flash Player Updates.
08  Office 365 zero-day used in real-world phishing campaigns.
08  Patch Tuesday: Here’s what’s new for Windows 7 and 8.1.
05    Here’s how to roll back the Windows 10 April 2018 Update.
04    Stay away from Windows 10 Update on this Patch Tuesday.
04  Half a million pacemakers need a security patch.
03  Chrome is Crashing on Windows 10’s April 2018 Update.
03  Drive-by attack uses GPU to compromise an Android phone.
03  Twitter to All Users: Change Your Password Now!
02  Update patches Windows Host Compute Service Shim library.
02  VirusTotal releases VTZilla 2.0 extension for Firefox Quantum.
01   Google Maps open redirect flaw abused by scammers.

AV Real-World Protection Test – April 2018

AV Consumer Performance Test – April 2018

April, 2018  (Click listings for more information).
30  Everything new in Windows 10’s April 2018 Update, out now.
30  FacexWorm spreads via Facebook Messenger, Chrome extension.
30  Volkswagen and Audi Cars Vulnerable to Remote Hacking.
27  PoC code published for triggering an instant BSOD on Windows.
27  The Week in Ransomware – iLO, KCW, and VevoLocker.
27  Microsoft’s Windows 10 “April 2018 Update” next Monday.
27  Apple’s latest updates patch APFS password leakage bug.
27  PDF Files Can Be Abused to Steal Windows Credentials.
25  macOS App Can Detect Evil Maid Attacks.
25  Microsoft Releases Two New Spectre 2 Mitigations Updates.
24  Researcher discloses “unpatchable” Nintendo Switch exploit.
24  Apple Releases Security Updates for MacOS, iOS, and Safari.
23  New Crossrider variant installs configuration profiles on Macs.
23  MEDantex Transcription Service Leaked Medical Records.
23  Hackers Infect X-Ray and MRI Machines for Patient Data.
23  What’s not included in Facebook’s ‘Download Your Data’.
20  The Week in Ransomware – Reveton Charges, GandCrab, etc.
20  Internet Explorer zero-day exploited in the wild by APT group.
19   JavaScript trackers get data from “Login with Facebook” feature.
18   iOS Trustjacking attack exposes iPhones to remote hacking.
18   Microsoft Ports Anti-Phishing Tech. to Google Chrome Ext.
18   Facebook: three reasons we’re tracking non-users.
18   Malware Steals Facebook Credentials & Session Cookies.
18   Google Chrome 66 Released Today Focuses on Security.
16   Russian hackers exploit routers in homes, govs, & infrastructure.
16   How to protect your Facebook data [UPDATED].
16   Tracking protection in Firefox for iOS now on by default.
16   Hijacked router DNS settings redirect users to Android malware.
13   The Week in Ransomware – PUBG Ransomware, Matrix, etc.
13   Android OEMs Caught Lying About Security Patches.
13   Code Injection Technique Helps Malware Stay Undetected.
12   Cyber-espionage groups are using routers in their attacks.
12   Home Routers Are Proxying Bad Traffic for Botnets, APTs.
11    AMD Releases Spectre v2 Microcode Updates for CPUs.
11    Microsoft Half-Patches Old Outlook Vulnerability.
11    Microsoft Removes Antivirus Registry Key Check.
11    Thousands of hacked websites are infecting visitors.
10   Adobe Patches 6 Flash Player Security Bugs, 3 Critical.
10   Microsoft April Patch Tuesday Fixes 66 Security Issues.
10   Google, Microsoft, and Mozilla Back New WebAuthn API.
10   Firefox Also Blocks the Loading of Most FTP Resources.
10   How to Find Out Everything Facebook Knows About You.
08  Bing Chrome Download Ads Pushing Adware/PUP Installers.
06  Week in Ransomware – Office 365 File Restore & Decryptors.
06  Microsoft Adds Anti-Ransomware Features in Office 365.
05  Sears & Delta Airlines suffer card breaches via shared provider.
05  HTTPS Everywhere adds new rulesets without upgrading ext.
05  VirusTotal Launches Droidy, Its New Android Sandbox.
05  Intel Tells Users to Uninstall Remote Keyboard App.
04  Microsoft patches critical flaw in Malware Protection Engine.
04  Some Intel CPU models will never receive microcode updates.
04  macOS update breaks support for many external monitors.
03  Android malware records phone calls & steals private data.
03  Some Chrome VPN Extensions Leak DNS Queries.
03  Android trojan steals data from instant messaging clients.
02  Fake WhatsApp can steal info from your phone.
02  Panerabread.com Leaks Millions of Customer Records.
02  Google bans Chrome extensions that mine cryptocurrencies.
01   Cloudflare’s DNS Service – Internet More Private & Faster.

Real-World Protection Test March 2018

March, 2018  (Click listings for more information).
30  150 million MyFitnessPal accounts compromised.
30  The Week in Ransomware  – Mostly Small Variants.
30  Test of over 200 security apps against Android malware (PDF).
29  Microsoft issues security update for Windows 7 & Server 2008.
29  Omitting the “o” in .com Could Be Costly.
29  Facebook Pulling “Partner Categories” Ad Targeting Product.
29  Apple iOS 11.3 includes “Battery Health” beta diagnostic tool.
29  Apple releases security updates for iOS, watchOS, tvOS, & Xcode.
28  Hajime Botnet Makes Massive Scan for MikroTik Routers.
27  QR code bug in Apple iOS 11 could lead you to malicious sites.
27  Firefox Add-On Isolates Facebook Tracking.
27  In-Browser Cryptojacking Is Getting Harder to Detect.
27  Academics Discover New CPU Side-Channel Attack.
27  Mozilla Releases Security Updates for Firefox.
26  Chrome extension detects URL Homograph (Unicode) attacks.
26  What Facebook’s Cambridge Analytica means for your data.
25  IETF Approves TLS 1.3 as Internet Standard.
24  Facebook collected call and SMS data from some smartphones.
23  The week in ransomware – Govt infections, Zenis, and more.
22  How Siri leaks your private iPhone messages, & how to stop her.
22  Opera 52 released with faster ad blocking & new tab features.
21   Firmware updates released for security camera Dumpster Fire.
20  Windows Remote Assistance tool usable for targeted attacks.
20  Orbitz says hacker stole two years’ worth of customer data.
19   One In Every 200 Google Search Suggestions Is Polluted.
18   Firefox master password system poorly secured for past 9 years.
16   Zenis Ransomware encrypts your data & deletes your backups.
16   Yet again, Google tricked into serving scam Amazon ads.
15   Malware attack on 400k PCs caused by a BitTorrent app.
15   Pre-Installed Malware Found On 5 Million Android Phones.
14   Intel Microcode Patches arrive on the Microsoft Update Catalog.
13   Critical vulnerability in CredSSP affects all versions of Windows.
13   Flaws in AMD chips makes bad hacks much, much worse.
13   Flash, Windows Users: It’s Time to Patch.
13   Mozilla Releases Security Updates for Firefox.
12   Ransomware being distributed using fake Craigslist Malspam.
11    Checked Your Credit Since the Equifax Hack?
09  Tech support scammers GeeksHelp caught again, 2 years later.
08  Look-Alike Domains and Visual Confusion.
08  MalwareBytes 3.4.4 release has user interface & engine updates.
07  An interactive malware analysis tool is now open to the public.
07  More Google Play apps attack users with Windows malware.
07  CIGslip attack bypasses Windows Code Integrity Guard (CIG).
06  Microsoft Releases Update to Fix Critical USB Driver Issue.
06  Google Releases Security Update for Chrome.
06  What Is Your Bank’s Security Banking On?
05  Researchers discover severe vulnerabilities in 4G LTE protocol.
03  SgxSpectre attack can extract data from Intel SGX Enclaves.
01   Microsoft to Deliver Intel CPU Fixes via Windows Updates.
01   Equifax finds another 2.4 million Americans hit by breach.
01   AdBlock Adds Feature to Cache Popular JavaScript Libraries.